Security issue: Remote (local) TCP traffic in our local network

mpteamviewer
mpteamviewer Posts: 5
edited May 2023 in General questions

We had reproducedly TCP traffic from the remote PC in our local network (to 10.31.1.x) every time we started a commercial teamviewer 6 session to that remote PC. How is that possible? Please advise.

Comments

  • mLipok
    mLipok Posts: 781 ⭐Star⭐

    Did you try to test with recent TV version ?

     

    Regards,
    mLipok , AutoIt MVP
  • We have Teamviewer 6 Commercial License and not tested with other versions

  • Natascha
    Natascha Posts: 1,591 Moderator

    Hi @mpteamviewer 

    Thank you for your post. 

    TeamViewer is establishing its connections via TCP. 

    Please read the following article for more information: Which ports are used by TeamViewer?

    Hope this could help. If there are any further questions, feel free to contact us again. 

    All the best,
    Natascha

    German Community moderator 💙 Moderatorin der deutschsprachigen Community

  • @Natascha: Thanks, sure we are aware of the ports. How should that explain the issue?

    Currently we assume Teamviewer is creating some kind of a VPN remotely, thus receives those suspicious TCP packets and forwards them to our local network.

  • Natascha
    Natascha Posts: 1,591 Moderator

    Hi @mpteamviewer 

    Thank you for the fast reply. 

    TeamViewer is using TCP ports for the connections. Therefore, it is expected behaviour that you find TCP packets in your network. 

    If you still are in doubt, please open a ticket for my colleagues. Please keep in mind that opening a ticket requres a licensed TeamViewer account. 

    Thank you very much for the understanding and have a great day. 

    All the best,
    Natascha

    German Community moderator 💙 Moderatorin der deutschsprachigen Community

  • Not sure my reply made it through, I receved an unexpected error after hitting reply from your webapp. Ok, I'll try once more:

    @Natascha 

    The point is: If the remote PC has a local network, say 10.1.0.0/16, and the local PC has 10.2.0.0/16, and if on the *remote* PC there is running a random application trying to send packets to 10.2.0.0/16 (for whatever reason), do we have to expect that the remote app can indeed talk *over Teamviewer* to our local net 10.2.0.0/16? This is what we've seen and this is kind of a scary security issue then.

    Concerning the link to the other support you mention: Please drop some notes how exactly contect them as we constantly get redirected to the community board.

    BR

  • TV-Rene
    TV-Rene Posts: 30 [Former Staff]

    Hello!

    Long story short - we do not support or allow traffic over the TV connection to either network. Those are 1-1 connections, either via TCP or possibly lateron via UDP, if network allows.

    Are you connecting from A to B via ID or via IP?

    Best regards,

    Rene

    Rene - 2nd Level Support
  • @TV-Rene 

    I am not aware of "ID vs. IP" based TV connections. Please elaborate a bit if there are circumstances under which the addressed packet transfer may occur.

  • TV-Rene
    TV-Rene Posts: 30 [Former Staff]

    Good morning.

    Well, if you're connecting via TeamViewer ID's the connection will go (at first) through our Router / Master Server, if a UDP connection can be established, the connection will be 1-1, without any of our Router / Server in between. If that cannot be established it will be going via our Router.

    If you're connecting via IP (after having enabled it in the settings) the connection will be network internal only. At that stage the connection between sub-nets has to be working in order to establish the connection (if its from 10.1.*.* to 10.2.*.*).

    In either way - there will not be any transfering of data between the networks though the TV connection.

    Best regards,

    Rene

    Rene - 2nd Level Support